PrintFactory uses the LicenseServer service to connect to its cloud infrastructure. The LicenseServer acts as a proxy for all applications. By acting as a proxy there is no need to have Internet access on the production floor as long as the LicenseServer is reachable by the applications.
In order to establish the bi-directional communication between the on premises and cloud applications the LicenseServer expects to have access to the following servers and ports:
External connections (from proxy):
Software Manager will do a check using the LicenseServer if the connections can be established. The left green tick shows if the Software Manager (and therefore all other on-premises application) can reach the LicenseServer Proxy, the right tick shows if the LicenseServer can reach the cloud applications. A green tick shows successful bi-directional communication an amber tick means that it is allowed to send data to the cloud but not able to receive information back. The latter means that WebSocket connectivity is blocked (connect.aurelon.com).
If the right tick is amber colored then not all connections are successfully established. To find out what fails hover over the tick and a tooltip window will appear listing the details of each of the connections.
A common set-up is to install the LicenseServer in a secure environment controlled by the IT department. The LicenseServer is installed on an edge server and the firewall is set-up only to allow access to and from the aforementioned servers on the interface that connects to the Internet and allow unrestricted access to the production floor or a firewall limited to ports:
All communication is by default encrypted between the proxy and the cloud. The connection acts as VPN between your local installation(s) and the secure cloud storage.
The data is redundantly stored on multiple devices across multiple facilities in an Amazon S3 Region close to your location.
Certain routers can apply deep packet inspection for security protocols. This may cause a problem as PrintFactory can no longer establish a secure connection properly to the cloud servers. To provide deep packet inspection on SSL connections, intermediate certificate (issued by the router) is used to allow the router to intercept the traffic between PrintFactory and the cloud. This is also known as “man-in-the-middle”, when traffic is decrypted, analyzed and encrypted back. This establishes a non-secure chain and rejected by PrintFactory in incorrect router configuration. To solve this situation there are 2 possible routes:
An exceptional case is to have a webproxy server, allowing to report statuses and statistics to the cloud but not receiving automation instructions from the cloud. Therefore using proxies is discouraged, the LicenseServer is a proxy by itself and shields the production floor from direct Internet as long as the LicenseServer has direct Internet access.
By default, the LicenseServer application tries to connect to the Internet and also tries to establish the Proxy settings automatically.
In case the proxy settings are automatically detected then the file “C:\Users\Public\Hub\ComputerConfig.xml” is read. The proxy settings can be defined into this file, using the particular proxy, port, username and password of your network.
You can find below an example for this “ComputerConfig.xml” file:
<?xml version="1.0"?> <ComputerConfig> <ProxySettings> <Proxy>www.google.com</Proxy> <Port>123</Port> <User>User</User> <Pass>Pass</Pass> </ProxySettings> </ComputerConfig>